feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
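--- a/src/VexHub/StellaOps.VexHub.WebService/Program.cs
+++ b/src/VexHub/StellaOps.VexHub.WebService/Program.cs
@@ -0,0 +1,73 @@
+using Serilog;
+using StellaOps.VexHub.Core.Extensions;
+using StellaOps.VexHub.Storage.Postgres.Extensions;
+using StellaOps.VexHub.WebService.Extensions;
+using StellaOps.VexHub.WebService.Middleware;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Configure Serilog
+Log.Logger = new LoggerConfiguration()
+.ReadFrom.Configuration(builder.Configuration)
+.Enrich.FromLogContext()
+.CreateLogger();
+
+builder.Host.UseSerilog();
+
+// Add services to the container
+builder.Services.AddVexHubCore(builder.Configuration);
+builder.Services.AddVexHubPostgres(builder.Configuration);
+builder.Services.AddVexHubWebService(builder.Configuration);
+
+// Add authentication
+builder.Services.AddAuthentication("ApiKey")
+.AddScheme<ApiKeyAuthenticationOptions, ApiKeyAuthenticationHandler>("ApiKey", options =>
+{
+options.AllowAnonymous = true; // Allow anonymous for public read endpoints
+// API keys can be configured via configuration
+var apiKeysSection = builder.Configuration.GetSection("VexHub:ApiKeys");
+foreach (var keySection in apiKeysSection.GetChildren())
+{
+var key = keySection.Key;
+options.ApiKeys[key] = new ApiKeyInfo
+{
+KeyId = keySection["KeyId"] ?? key,
+ClientId = keySection["ClientId"] ?? "unknown",
+ClientName = keySection["ClientName"] ?? "Unknown Client",
+Scopes = keySection.GetSection("Scopes").Get<string[]>() ?? Array.Empty<string>(),
+RateLimitPerMinute = keySection.GetValue<int?>("RateLimitPerMinute")
+};
+}
+});
+
+builder.Services.AddAuthorization();
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddOpenApi();
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline
+if (app.Environment.IsDevelopment())
+{
+app.MapOpenApi();
+}
+
+app.UseHttpsRedirection();
+app.UseSerilogRequestLogging();
+
+// Add rate limiting middleware
+app.UseVexHubRateLimiting();
+
+// Add authentication and authorization
+app.UseAuthentication();
+app.UseAuthorization();
+
+// Map API endpoints
+app.MapVexHubEndpoints();
+
+// Health check
+app.MapGet("/health", () => Results.Ok(new { Status = "Healthy", Service = "VexHub" }))
+.WithName("HealthCheck")
+.WithTags("Health");
+
+app.Run();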
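Review bot: `app.UseVexHubRateLimiting()` is registered before `app.UseAuthentication()`, so when the limiter runs `HttpContext.User` has not yet been populated by the ApiKey handler. If that middleware (not shown on this page) is meant to apply the per-key `RateLimitPerMinute` loaded into `ApiKeyInfo`, it must either re-parse the key itself or it will treat every caller as anonymous. Consider ordering the pipeline as `app.UseAuthentication(); app.UseVexHubRateLimiting(); app.UseAuthorization();`, optionally keeping a coarse per-address limit in front of authentication. Separately, `options.AllowAnonymous = true` combined with a bare `AddAuthorization()` leaves no fallback policy, so any route in `MapVexHubEndpoints()` that omits `RequireAuthorization(...)` is public by default. A comment at that line such as `// Anonymous access is for read-only endpoints only; write/admin routes must call RequireAuthorization with a scope policy` would make the intent reviewable. It is also worth confirming that the handler does not issue an authenticated principal for keyless requests.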